DistroWatch Weekly

A weekly opinion column and a summary of events from the distribution world

DistroWatch Weekly

DistroWatch Weekly, Issue 760, 23 April 2018

Welcome to this year's 17th issue of DistroWatch Weekly!
When choosing a distribution it is sometimes difficult to find a good balance between cutting edge software and stability. This week we begin with a look at Chakra GNU/Linux which strives to offer both a stable operating system and the latest desktop applications through a semi-rolling release policy. Jesse Smith has more details on the Chakra distribution in our Feature Story. In our News section we talk about Debian's roadmap for Debian 10 "Buster" and the results of the Debian Project Leader election. Plus we report on Netrunner introducing a new ARM-based edition and Slackware initiating a massive rebuild of the venerable distribution's software packages. Plus we talk about Microsoft developing a new operating system based on a modified version of the Linux kernel. In our Questions and Answers column we explore hiding files using a special systemd security feature. As usual, we share the releases of the past week and list the torrents we are seeding. Finally, our Opinion Poll asks whether our readers dual boot or use virtual machines in order to run multiple operating systems on the same computer. We wish you all a fantastic week and happy reading!

Chakra GNU/Linux is a 64-bit, desktop operating system which originally grew out of Arch Linux, but is now maintained as an independent fork. Chakra places a focus on running KDE/Qt software and its sole edition runs the KDE Plasma desktop environment. Chakra bills itself as a semi-rolling or "half-rolling" release distribution. This means that desktop software tends to be updated right away while core system components are held back for additional testing before being released to end users. In theory, this allows Chakra to remain stable while also keeping users up to date so that the operating system never needs to be reinstalled. This semi-rolling approach also means we can install from older media and then bring our system up to date once it is on-line, which is what I intended to do this week.

I downloaded the most recent (as of the time of writing) snapshot of Chakra's ISO which was published back in October of 2017. The ISO was 1.9GB in size. Originally I tried to download the ISO through its torrent, but there were no seeders and I had to download a copy of the distribution from one of its mirrors.

Booting from the ISO brings up the Plasma 5.10 desktop environment. At the bottom of the screen is a panel containing the application menu and system tray. On the desktop a welcome screen is displayed. This welcome screen provides links to the distribution's website, beginner's guide and system installer. There is a tab in the welcome window which will display the latest news and developments coming out of the Chakra project.

Installing

Chakra uses the Calamares system installer. Calamares is a graphical installer which has been adopted by several distributions due to its streamlined nature and easy partitioning options. The installer quickly walked me through selecting my language, time zone and keyboard layout. When it came to disk partitioning, Calamares offered to let me manually divide up the disk or wipe my drive and place Chakra on one partition with another partition set aside for swap space. Then we are asked to create a username and password. The installer worked quickly and without fault, soon announcing it was finished all its tasks and offering to reboot the computer. I like the Calamares installer, its interface is easy to navigate and it provides a consistent, cross-distro approach to setting up Linux-based systems.

Early impressions

Chakra boots to a graphical login screen and signing into our account brings up the Plasma desktop. Plasma is presented with a dark theme which I find pleasant to look at. There are folder icons on the desktop which open the Dolphin file manager. At first, one of the icons overlapped with the Plasma action/widget menu and it was a toss-up which one I would activate if I clicked on that part of the screen. I was able to pull these widgets apart by dragging them with the mouse.

The default Plasma application menu uses a single-pane layout, which I find awkward to use because of the extra clicks required to browse into categories and back out. The menu can be swapped out for alternative menu layouts by right-clicking on the menu's button.

Initially I found Chakra's default fonts to be smaller than I liked. A quick trip into the distribution's settings panel allowed me to set the size and style of the fonts. I do want to give the developers credit though for the high contrast in the default desktop theme. Some distributions like to display text in low-contrast shades of grey or use transparent backgrounds which make it difficult to read what is on the screen. Chakra was more forgiving in its use of solid colours and white-on-black (or black-on-white) text.

After a while I realized Chakra was not going to let me know if there were software updates available, and I was pretty sure there would be since the installation media was over five months old. I located the Octopi package manager in the application menu and launched it. Octopi presents a simple list of software packages available in Chakra's repositories and can perform searches for package names. Octopi's upgrade feature let me know there were 532 new packages available, totalling 986MB in size. For comparison's sake, there are 900 packages installed by default, meaning over half the packages on my system needed to be replaced. Despite the massive queue of new packages, Octopi (and its underlying Pacman package manager) downloaded and installed all of the new items successfully. After the upgrade was completed there were very few new updates presented during the rest of the week, with new packages trickling in at a rate of about one per day.

Octopi proved to be a handy and fast tool for tracking down and installing new applications too. The package manager has a fairly simple approach and does not really have recognizable categories the way most modern software managers do, but it worked without running into issues.

Chakra places a strong emphasis on using KDE software and most of the applications included are either related to KDE or are built using the Qt development toolkit. The distribution ships with the QupZilla web browser, KMail, the Konversation IRC client, the Akregator RSS feed reader and the KGet download manager. The Calligra productivity suite is featured rather than the more commonly used LibreOffice. Karbon is available to work with scalable graphics and the KolourPaint simple drawing tool is included. We also have access to the K3b disc burning software, the Okular document viewer and the Dolphin file manager.

Chakra features a handful of multimedia applications, including the bomi video player, the Kdenlive video editor and the Clementine music player. The distribution includes media codecs by default. Rounding out the application menu there is a category dedicated to providing links to Chakra's on-line resources such as the source code repository, bug reports, documentation and the community forums.

The first wave of package upgrades I installed bumped several key packages up a version or two. The Linux kernel jumped from version 4.12 to 4.14 and the Plasma desktop leaped from 5.10 to 5.12. Following the upgrade the Plasma desktop took a lot longer to login (over 30 seconds) and the desktop performed slower after its upgrade. I was hoping Plasma 5.12 would offer me access to the Plasma Vaults encrypted volumes feature. However, I could not find any way to access Vaults following the upgrade. Some other key packages had their version numbers jump, for example systemd went from version 231 to 235 and the GNU compiler was bumped from 6.3 to 7.3.

Hardware

Chakra worked well in both of my test environments. When running on my laptop computer, Chakra worked smoothly and detected my hardware, including the wireless card. The distribution's performance was middle range, neither notably fast or slow on the laptop. When running in VirtualBox, Chakra was a little on the slow side, especially after installing the first large wave of updates. Plasma always lagged a bit, even after I disabled file indexing and most visual effects.

In either environment, a fresh install of Chakra used about 5.5GB of disk space and 390MB of RAM. I noticed after a while that my cache of downloaded packages was getting large, using over 1GB of disk space. I tried using the Octopi Cache Cleaner tool to remove old packages, but it was unable to identify any cached software. I was able to manually remove old packages from under the /var directory.

Conclusions

Chakra is an unusual distribution for a few reasons. It is a rare semi-rolling project, which tries to maintain a fairly stable base system while providing up to date applications. This is an interesting compromise between full rolling and static operating systems. The semi-rolling concept is an idea I like and I was curious to see how well the approach would work dealing with around six months of updates. I was pleased to find Chakra handled the massive upgrade well.

Chakra was once also considered unusual for being very KDE-focused. There are more KDE distribution these days (KaOS, Kubuntu and KDE neon come readily to mind) and I think Chakra may have lost some of its appeal as more competition has established itself in the KDE-centric arena.

I found the distribution to be easy to set up and pretty straight forward to use, but there were a few characteristics which bothered me during my trial with Chakra. One was that while updates installed cleanly, once Plasma 5.12 was installed, I experienced slow login times and reduced performance on the desktop. It could be argued that this is a Plasma problem, not a Chakra problem, but the distribution's rolling release nature means any regressions in new versions of software end up in the user's lap.

Something that tends to bother me about distributions which focus on one desktop toolkit or another is that this approach to selecting software means we are sometimes using less capable tools in the name of toolkit purity. This is not a trade-off I like as I'd rather be using more polished applications over ones which a particular affiliation.

Finally, Chakra includes a number of command line aliases which got in my way. This seems to be a problem I have been running into more often recently. Developers are trying to be helpful by aliasing common commands, but it means that for some tasks I need to change my habits or undefine the provided aliases and the feature ends up being a nuisance instead of a convenience.

Chakra seems to be a capable and useful distribution and I am sure there are people who will appreciate the rolling release nature. Many people will likely also like having lots of KDE applications, and I can see the appeal of this combination. However, one thing which makes me hesitate to recommend Chakra is that the distribution does not appear to bring any special features to the ecosystem. It's a useful operating system and, to be completely fair, users can install non-KDE alternatives if they want to use LibreOffice instead of Calligra or GIMP instead of KolourPaint. But I'm not sure Chakra brings anything unique which makes it stand apart from openSUSE's Tumbleweed or KaOS's polished Plasma offering. Chakra used to be special in its semi-rolling, KDE-focused niche, but these days the distribution has a more competition and I'm not sure the project has any special sauce to set it apart from the crowd.

* * * * *

Hardware used in this review

My physical test equipment for this review was a de-branded HP laptop with the following
specifications:

Processor: Intel i3 2.5GHz CPU

Display: Intel integrated video

Storage: Western Digital 700GB hard drive

Memory: 6GB of RAM

Wired network device: Realtek RTL8101E/RTL8102E PCI Express Fast

Wireless network device: Realtek RTL8188EE Wireless network card

* * * * *

Visitor supplied rating

Chakra GNU/Linux has a visitor supplied average rating of: 9/10 from 22 review(s).
Have you used Chakra GNU/Linux? You can leave your own review of the project on our ratings page.

Miscellaneous News (by Jesse Smith)

The Debian 10 roadmap and Project Leader election, Netrunner publishes ARM edition, Slackware kicks off package rebuild and Microsoft develops its own Linux-based system for IoT

The Debian Release Team has published information on the current development work going into Debian 10 "Buster". The project is about halfway through the development cycle for Buster with a final release expected around the middle of 2019. "In order to minimize the freeze length, we have shortened the transition freeze by one month. In any case, if you are planning a transition, don't leave it until the last moment, or else it may not make it in time for Buster. The larger the transition is, the earlier it should happen. We do not have a fixed release date, but given the cadence of previous releases it is likely that the release date will be some time mid 2019." Further information can be found in this mailing list post from the Debian Release Team.

The Debian project held its vote for the position of Project Leader this month. The process was streamlined by there being just one candidate running in 2018. Chris Lamb, the current Project Leader and only candidate in this election, has been voted in to serve at the helm of the Debian community for another year. Details on the vote can be found on the project's election page.

* * * * *

Netrunner is a Debian-based distribution which features the KDE Plasma desktop environment. The Netrunner project has published a new edition of the distribution which runs on ARM processors, allowing the distribution to work on ARM-powered laptops like the Pinebook. "The Netrunner team is excited to announce the immediate availability of Netrunner 18.03 on the Pinebook. This release brings the powerful KDE Plasma desktop to low end ARM devices such as the Pinebook, while retaining the performance you’ve come to expect out of Plasma. Features: KDE Plasma 5.12.2; Calamares to aid with post-setup like SD-card resizing and personal user creation; accelerated X11 acceleration with OpenGLES; accelerated video playback with VDPAU; preloaded Firefox for super quick start." Further details are available on the Netrunner website and a separate page has been set up to provide download options for ARM computers.

* * * * *

Slackware is well known as a conservative distribution which rarely introduces sweeping changes. However, the world's oldest surviving Linux distribution introduced some significant changes this week which required a rebuild of the project's software packages: "Hi folks, and welcome to the third ever Slackware Mass Rebuild (and the longest ChangeLog entry in project history). There were two primary motivations for rebuilding everything in the main tree. The first was to switch to the new C++ ABI. The second was to get rid of all the .la files in the LD_LIBRARY_PATH. Really, having .la files installed has been mostly obsolete since things began to use pkg-config instead, but it's not easy to get rid of them unless you do it all at once. If you just take them out of one package, any other packages containing .la files that refer to the removed ones will be broken." How this rebuild will affect users and how to handle the change is covered in Slackware's changelog.

* * * * *

Over the years Microsoft's position on Linux has evolved quite a bit. The company has gone from declaring Linux "a cancer" to supporting Linux server distributions on Microsoft's Azure cloud platform to making it possible to install Linux programs on Windows through a compatibility layer. The software company is now taking another step into the Linux world and creating a new operating system for Internet of Things (IoT) devices using a modified version of the Linux kernel. "Azure Sphere OS: This OS is purpose-built to offer unequaled security and agility. Unlike the RTOSes common to MCUs today, our defense-in-depth IoT OS offers multiple layers of security. It combines security innovations pioneered in Windows, a security monitor, and a custom Linux kernel to create a highly-secured software environment and a trustworthy platform for new IoT experiences." More information on the Linux-powered device can be found in the company's blog post.

Hiding-files-with-systemd asks: The systemd 238 release has a new "Temporary File System" feature:

A new TemporaryFileSystem= option to msk [sic] parts of a real file-system tree with tmpfs mounts. This can be used for hiding files/directories not relevant to the unity [sic] or where you don't want any rogue units to potentially access. This also allows for ProtectHome=tmpfs to hide the user's home and runtime directories from units.

What can this do for data security? Would it be useful to prevent another user on the same computer from accessing your private data? Would it also be useful in preventing network intruders from accessing your private data?

DistroWatch answers: I had trouble finding information on the TemporaryFileSystem feature in my quest to answer this question. It didn't turn up when I searched systemd 238's release notes or show up in a search of the systemd site. All searches for an explanation kept taking me back to the the Phoronix article where the above quote originated.

Eventually I was able to track down a copy of this manual page which talks about TemporaryFileSystem and related options for systemd unit files. This is the explanation for the TemporaryFileSystem variable:

Takes a space-separated list of mount points for temporary file systems (tmpfs). If set, a new file system namespace is set up for executed processes, and a temporary file system is mounted on each mount point. This option may be specified more than once, in which case temporary file systems are mounted on all listed mount points. If the empty string is assigned to this option, the list is reset, and all prior assignments have no effect. Each mount point may optionally be suffixed with a colon (":") and mount options such as "size=10%" or "ro". By default, each temporary file system is mounted with "nodev,strictatime,mode=0755". These can be disabled by explicitly specifying the corresponding mount options, e.g., "dev" or "nostrictatime". This is useful to hide files or directories not relevant to the processes invoked by the unit, while necessary files or directories can be still accessed by combining with BindPaths= or BindReadOnlyPaths=.

Put another way, when you specify the name of a directory in the TemporaryFileSystem variable, the program or service started by that unit file cannot see the contents of the given directory. The directory should just look empty to the service. This can be useful if you do not want a daemon to be able to browse through your data or get information about your system's configuration. Using the TemporaryFileSystem variable you can hide the usually accessible /etc or /var directories, for instance, to hide information from the service.

This feature could help you if you wanted to grant users access to certain files on your system through a web or file sharing service, but wanted to make sure they could not access the rest of your file system. If your program does not have a chroot function or you think it could be compromised, then this systemd feature, and related features, offer a level of protection.

However, these systemd features only hide directories and files from the service started by that specific unit file. Other users and programs running on the system are not affected, they can still see your files. If you are sharing a computer with other people who can login directly or you are worried about attackers breaking into your system through means other than a service run with this systemd variable, then this feature does not protect you.

If you want to protect private data, then I recommend looking at directory permissions and encryption. Setting your home directory to block other users' access is a good place to start. Set chmod 0700 permissions on your home directory to keep users other than administrators out of your files. To protect yourself from remote attackers, make sure your system is up to date and disable any unnecessary network services. Consider running web-facing programs, like web browsers, in a Firejail sandbox to isolate these vulnerable programs from your files.

If you are concerned about other users with administrator access or persistent remote attackers, then you can set up an encryption vault. Both the GNOME and Plasma desktops havetools which makes setting up encrypted folders that require a password to access, a simple point-n-click experience.

Avi Miller has announced the release of Oracle Linux 7 Update 5, the latest version of the company's enterprise-class Linux distribution built from the source code of Red Hat Enterprise Linux (RHEL) 7.5: "Oracle is pleased to announce the general availability of Oracle Linux 7 Update 5 for the x86_64 architecture. Notable security-related features in this release: support for Memory Protection Keys on recent Intel processors - CPUs provide this support through a new user-accessible register (PKRU) that contains two separate bits; ability to unlock encrypted devices connected to a network during the boot process; SSLv3 disabled in mod_ssl, this change also restricts the use of certain cryptographic cipher suites; KASLR (kernel address-space layout randomization) for KVM guests added. Btrfs continues to be fully supported in Oracle Linux 7.5 with Unbreakable Enterprise Kernel (UEK). Btrfs support is deprecated in the Red Hat Compatible Kernel." See the release announcement and the release notes for further information.

Trisquel GNU/Linux is an Ubuntu-based desktop distribution which features free and open source software exclusively. The project's latest release, Trisquel 8.0 "Flidas", is based on Ubuntu 16.04 and includes support through to the year 2021. "The biggest internal change to the default edition is the switch from GNOME to MATE 1.12. The main reason for this change was that GNOME dropped support for their legacy desktop, which retained the GNOME 2.x user experience and didn't require 3D composition -- a feature that in many computers would still need non-free software to run at full speed. MATE provides a perfect drop-in replacement, it is very light and stable and it retains all the user experience design that we are used to from previous Trisquel releases. The next most important component is Abrowser 59 (based on Mozilla Firefox), which is not only fully-featured and quite faster than before, it has also been audited and tweaked to maximize the user's privacy without compromising on usability." Additional information can be found in the project's release announcement.

Smoothwall Express, is a specialist Linux distribution for firewalls and routers, featuring a custom web-based configuration interface. The project's origins date back to the year 2000 and it still continues to evolve today - the developers have just announced an update to their 3.1 product line: "The Smoothwall Express team announce the release of Update9/SP4. This update and service pack should address most of the problems you encountered with Update8/SP3. We resolved a number of bugs, updated a number of packages, and re-released all of the Update8 packages. Of particular note, we made a number of improvements in the UI, added packages that will allow you to use a wireless IF for RED (manual only; not yet integrated into the system), and switched from Openswan to Libreswan. We also locked the kernel headers (used for glibc, klibc and a few other packages) to those of 3.4.104 to ensure a consistent Linux API going forward. Update8 switched to 3.16 kernel headers for some packages; this may have been the source of inexplicable problems some people reported after applying Update8." Here is the full release announcement as published on the distribution's user forums.

The table below provides a list of torrents DistroWatch is currently seeding. If you do not have a bittorrent client capable of handling the linked files, we suggest installing either the Transmission or KTorrent bittorrent clients.

Archives of our previously seeded torrents may be found in our Torrent Archive. We also maintain a Torrents RSS feed for people who wish to have open source torrents delivered to them. To share your own open source torrents of Linux and BSD projects, please visit our Upload Torrents page.

Many of our readers run multiple operating systems. In a past poll, 49% reported they dual boot open source and a proprietary operating systems. This week we would like to find out, from people who run multiple operating systems, do you prefer to dual boot or run one platform in a virtual machine? Do you ever take advantage of compatibility software such as DOSbox, WINE or WSL in place of running a complete separate operating system? Let us know your preferred set up in the comments.

You can see the results of our previous poll on the minimum length of long term support in last week's edition. All previous poll results can be found in our poll archives.

Dual booting versus virtual machines

I dual boot:

890 (29%)

I use virtual machines:

600 (20%)

I use compatibility software (WINE/DOSbox/WSL):

123 (4%)

I use a combination of the above:

829 (27%)

I run one operating system:

589 (19%)

DistroWatch.com News

Finding long term support (LTS) operating systems

This week we added a new feature to our Search page which allows visitors to more easily find long term support (LTS) releases. When selecting "Fixed (LTS)" from the Release model field, a list of projects which offer long term support will be displayed.

In this case, LTS has a fairly strict definition. For a distribution to be considered LTS in our database it must A) have a declared support cycle and B) that support cycle must be at least five years long. Five years was chosen by our readers in a poll. Projects which either do not declare the length of their support cycle on their website or provide fewer than five years of support are not included in our search results.

* * * * *

Distributions added to waiting list

Arcticy Linux. Arcticy Linux is a distribution based on Arch Linux which features the Xfce desktop environment. It ships with desktop applications and multimedia support included.

This concludes this week's issue of DistroWatch Weekly. The next instalment will be published on Monday, 30 April 2018. Past articles and reviews can be found through our Article Search page. To contact the authors please send e-mail to:

The community-oriented Unity Linux was a minimalist distribution and live CD which was originally based on Mandriva Linux, but was now maintained as an independent distribution. The project's main goal was to create a base operating system from which more complete, user-oriented distribution can easily be built - either by other distribution projects or by the users themselves. Unity Linux uses Openbox as the default window manager. Its package management was handled via YUM and RPM 5 which can download and install additional software packages from the project's online repository.